Use of Protected Health Information (PHI) For Marketing – HIPAA/HITECH AMENDMENTS effective March 26, 2013 – Are You Prepared?

On January 17, 2013 the US Department of Health & Human Services (HHS) issued the long-anticipated final rule describing the privacy and security requirements for covered entities under the Health Insurance Portability and Accountability Act (HIPAA), as required by the Health Information Technology for Economic and Clinic Health (HITECH) Act. The new final HIPAA Privacy and Security Rule has been described as containing the most sweeping changes to HIPAA since the law was implemented. The Amendments become effective on March 26, 2013 and compliance is generally required by September 23, 2013.

The final rule constricts the limitations on the use and disclosure of Protected Health Information (PHI) for marketing purposes by requiring covered entities to obtain authorization from patients IF the covered entity receives payment for producing or distributing materials. There are however, certain communications allowed without permission, including treatment communications as long as provisions are made allowing the patient to “opt-out” of the communication easily. Communications such as prescription refill reminders remain allowable, if the compensation received by the covered entity is limited to reasonable costs. –Lisa Coleman

Comments Off